North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: So.. you want to track some DoS traffic?
On Mon, 2 Jul 2001, Alex Bligh wrote: > > Credit: Credit should go to those listed in the link, UUNET's TAC-Eng > > group, UUNET's Net-Sec group, UUNET's Customer Router Security Group, > > firstname.lastname@example.org and a few others I have forgotten. > > Slight sense of Deja Vu. > > Without wishing to blow my own trumpet, from NANOG in 1999: > > http://answerpointe.cctec.com/maillists/nanog/historical/9907/msg00083.html So basically you've proposed implementing black hole routing via a community... this is nice and COULD be used by customers, though I'd be worried about them blackholing something 'important' and not figuring it out... which is all too common a problem. We discussed this at implementation/design time and fell back on "we would rather do it manually, just in case...". Additionally, if someone messed up the customer's filter and didn't filter their routes they could accidently drop traffic another customer :( Manual and by a select few people was the end decision. Not that it's not a great idea, but BGP is 'hard' and customers (and providers) routinely screw it up :( Also, your paper doesn't hit the main thing I was getting at: Tracking the attack... dropping traffic is great and you can do it in 101 different ways, but the tough part was tracking it... (at least it was the tough thing we was trying to make less tough). -Chris